copylib. CCAN is hard to track for two reasons: (1) CCAN encourages people to bundle individual files from its collection rather than a single library. (2) Often the individual modules are from code which is also maintained separately in another location. For these reasons, each module from CCAN needs to have its own virtual provide. Please open a new bundling exception if you wish to use a module from CCAN that is not already listed here.

this recoll has changes that are not applicable to other applications.

TexStudio's qcodeedit

bundled(qcodeedit)

TexStudio contains a forked copy of qcodeedit 2, which is at least two years dead. Since TexStudio is the only user, there is no benefit to a separated library, and permission to bundle has been granted.

If the package in question shares the same upstream as binutils (sourceware.org), they may bundle these libraries. This is because the libraries are developed by the application authors as common functionality shared between several applications. Being developers of both, they'll be intimately aware of both issues that arise in the libraries and know how to port to newer versions of the library as needed. Note that, at the moment, all of these applications and libraries come from sourceware.org but not all of them are used in binutils. The name was chosen as it seemed to be the more permanent and recognizable name.

Spring RTS's lua implementation

bundled(lua)

Spring RTS includes a forked and bundled copy of Lua which has Spring RTS specific patches applied, must link to streflop, and is configured differently from stock Lua (most importantly it needs lua_Number to be a float and not a double). Lua is particularly important because parts of the game code may be written in it, which must yield exactly identical results (also floating point operations!) on all platforms.

If the package in question shares the same upstream as samba, they may bundle the libreplace library. This is because the libreplace library is developed by the application authors as common functionality shared between several applications. Being developers of both, they'll be intimately aware of both issues that arise in the libraries and know how to port to newer versions of the library as needed.

boost in passenger

bundled(boost)

Due to the intrusive nature of the forked changes, the efforts of the maintainer to merge as many of them as possible into the upstream boost source tree, and the visible efforts of the upstream to keep the bundled copy of boost in sync with the current boost releases. The maintainer, wako666, made efforts to redesign and merge the boost patches back to upstream boost. See https://fedorahosted.org/fpc/ticket/160 .

pyPdf in calibre

bundled(pyPdf)

Due to the intrusive nature of the forked changes, the specificity of the changes to calibre, and the fact that pyPdf seems to be abandoned upstream. See https://fedorahosted.org/fpc/ticket/167 .

8051 hardware bits, only useful in this firmware context, not packaged/used elsewhere.

JAXP and JAX-WS in openjdk

bundled(JAXP) and bundled(JAX-WS)

The openJDK code contains copies of JAXP and JAX-WS that occasionally go out of sync with their upstream versions. The upstream is the same for both revisions, and the openJDK code assumes/depends on the behavior of the bundled versions.

t4k_common's liblinebreak

bundled(liblinebreak)

t4k_common contains a forked copy of an older version of liblinebreak. This should be revisited when the t4k_common upstream is able to port their code to use the newer system copy of liblinebreak.

Heimdal bundles libtommath which is modified to reduce the risk of information leakage based upon computation timing attacks. Linking against OpenSSL is not thread-safe.

php-pecl-jsonc

bundled(libjson-c)

php-pecl-jsonc bundles libjson-c.

libev in rubygem-nio4r

bundled(libev)

Because the nio4r places have modified the bundled libev deeply to unlock the MRI "Global VM Lock". See the comments in the spec file for details.

jQuery bundled in rubygem-jquery-rails

bundled(js-jquery)

jquery-rails bundles specific versions of jQuery {1,2,3} and system versions might differ from time to time.

pip bundled in python34, python35, python36

bundled(python3-pip)

These are additional compat interpreters aimed only for testing code

setuptools bundled in python34, python35, python36

bundled(python3-setuptools)

These are additional compat interpreters aimed only for testing code

Bundled in WebKitGTK+ (webkitgtk4 package)

bundled(angle)

ANGLE does not have a stable API, is difficult to update, and the version used must match that expected by WebKit, so it would be very difficult to unbundle.

OpenSSL bundled in edk2

bundled(openssl)

Virtual machine firmware is compiled with a different ABI than the host (and in fact it might not even be running on the same architecture as the host---e.g. ARM firmware on x86).

↑There are multiple md5 implementations. The ones that have an actual library (libnss, libgcrypt, openssl, libmd, etc) are not covered by this exception. The ones that are copied from other applications are.

↑There are multiple sha1 implementations. The ones that have an actual library (libnss, libgcrypt, openssl, etc) are not covered by this case. The ones that are copied from other applications are.

↑Change $IMPLEMENTATION depending on which implementation of sha1 is being bundled. The ones known so far are the Uwe Hollerbach-Peter C. Gutmann version (bundled(sha1-hollerbach)) as found in apt-cacher-ng

↑The version for binutils provides should be the date that the binutils checkout was made

↑The upstream explicitly intends for this library to be "vendored" and copied directly into any projects which use it. The Fedora Packaging Committee has a general feeling of distaste for this behavior.